#!/bin/sh
#
# Copyright (c) 2020 Gregory L. Dietsche <Gregory.Dietsche@cuw.edu>
# This is free software, licensed under the MIT License
#
. /lib/functions.sh

config_load 'family-dns'
config_get_bool enabled default enabled 0
config_get_bool redirect_dns default redirect_dns 0
config_get dns default dns default

#uninstall and disable are designed to be equivalent.
if [ "$1" = "uninstall" ] ; then
  enabled=0
fi

# Set OpenWrt Defaults
uci -q batch <<-EOT
  set network.wan.peerdns='1'
  set network.wan6.peerdns='1'
  delete network.wan.dns
  delete network.wan6.dns
  delete firewall.family_dns_lan
EOT

if [ "$enabled" -ne 1 ] ; then
  echo 'Activating Default ISP DNS server(s)'
else
  # We don't want to use ISP DNS servers because they don't filter queries
  uci set network.wan.peerdns='0'
  uci set network.wan6.peerdns='0'

  # Configure the DNS server(s) that will handle filtering.
  echo "Activating $dns"
  case $dns in
    cleanbrowsing-adult-filter)
      uci add_list network.wan.dns=185.228.168.10
      uci add_list network.wan.dns=185.228.169.11
      uci add_list network.wan6.dns=2a0d:2a00:1::1
      uci add_list network.wan6.dns=2a0d:2a00:2::1
      ;;
    cleanbrowsing-family-filter)
      uci add_list network.wan.dns=185.228.168.168
      uci add_list network.wan.dns=185.228.169.168
      uci add_list network.wan6.dns=2a0d:2a00:1::
      uci add_list network.wan6.dns=2a0d:2a00:2::
      ;;
    cloudflare-malware-and-adult-content)
      uci add_list network.wan.dns=1.1.1.3
      uci add_list network.wan.dns=1.0.0.3
      uci add_list network.wan6.dns=2606:4700:4700::1113
      uci add_list network.wan6.dns=2606:4700:4700::1003
      ;;
    cisco-family-shield)
      uci add_list network.wan.dns=208.67.222.123
      uci add_list network.wan.dns=208.67.220.123
      uci add_list network.wan6.dns=::ffff:d043:de7b
      uci add_list network.wan6.dns=::ffff:d043:dc7b
      ;;
    *)
      echo "$dns" is not supported.
      uci revert network
      redirect_dns=0
      ;;
  esac

  if [ "$redirect_dns" -eq 1 ] ; then
    echo Activating DNS redirect
    zone=lan
    ip=$(uci get network.$zone.ipaddr)

    uci -q batch <<-EOT
    set firewall.family_dns_lan=redirect
    add_list firewall.family_dns_lan.proto='tcp'
    add_list firewall.family_dns_lan.proto='udp'
    set firewall.family_dns_lan.src_dport='53'
    set firewall.family_dns_lan.dest_ip='$ip'
    set firewall.family_dns_lan.target='DNAT'
    set firewall.family_dns_lan.src='$zone'
    set firewall.family_dns_lan.dest='$zone'
    set firewall.family_dns_lan.name='family-dns redirect for $zone zone'
EOT
  fi
fi

uci -q batch <<-EOT
  commit network
  commit firewall
EOT

/etc/init.d/network reload
/etc/init.d/dnsmasq reload
/etc/init.d/firewall reload 2>/dev/null

